mirror of
https://gitlab.com/shorewall/code.git
synced 2024-11-26 09:33:14 +01:00
More combining of products
git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@9489 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
This commit is contained in:
teastep
parent
f68ec9d096
commit
c355ec2509
@ -1,172 +1,2 @@
|
||||
Changes in Shorewall 4.2.7
|
||||
Changes in Shorewall 4.3.5
|
||||
|
||||
1) Added /etc/shorewall/notrack.
|
||||
|
||||
2) Added new columns to the routestopped file.
|
||||
|
||||
3) Moved tunnel rules back to the front of the NEW section.
|
||||
|
||||
4) Handle long sport lists.
|
||||
|
||||
Changes in Shorewall 4.2.6
|
||||
|
||||
1) Added macro.BitTorrent32
|
||||
|
||||
2) Add COUNT action.
|
||||
|
||||
3) Add swping
|
||||
|
||||
4) Add RESTORE_DEFAULT_ROUTE option
|
||||
|
||||
5) Use dhcpcd's database to detect dynamic gateways.
|
||||
|
||||
6) Fix TCP_FLAGS_DISPOSITION=REJECT
|
||||
|
||||
7) Allow protocol and port inversion.
|
||||
|
||||
8) Don't check for "-m state" until after modules are loaded
|
||||
|
||||
9) Fix Shorewall6[-lite]/Makefile
|
||||
|
||||
10) Reorganized generated script to be more like 4.3.
|
||||
|
||||
11) Added 'restored' script.
|
||||
|
||||
12) Another ctorigdstport fix.
|
||||
|
||||
13) Allow 'here documents' in extension scripts
|
||||
|
||||
14) Another ctorigdst fix.
|
||||
|
||||
15) Add flow key support.
|
||||
|
||||
16) Fix 'show connections'.
|
||||
|
||||
Changes in Shorewall 4.2.5
|
||||
|
||||
1) Add 'fallback' providers option.
|
||||
|
||||
2) Support for xtables-addons IPP2P.
|
||||
|
||||
3) Slow down startup some more by adding more modules and modules
|
||||
search directories.
|
||||
|
||||
4) Fix 'shorewall6 debug start'
|
||||
|
||||
5) Added macro.Git.
|
||||
|
||||
6) Fix running of tcclear script.
|
||||
|
||||
7) Added macro.IRC.
|
||||
|
||||
8) Fix --ctorigport usage
|
||||
|
||||
Changes in Shorewall 4.2.4.6
|
||||
|
||||
1) Fix hosts exclusion in DNAT/REDIRECT.
|
||||
|
||||
2) Work around http://rt.cpan.org/Public/Bug/Display.html?id=13851
|
||||
|
||||
Changes in Shorewall 4.2.4.5
|
||||
|
||||
1) Fix critical hosts handling in Shorewall6.
|
||||
|
||||
Changes in Shorewall 4.2.4.4
|
||||
|
||||
1) Fix exclusion yet another time.
|
||||
|
||||
Changes in Shorewall 4.2.4.3
|
||||
|
||||
1) Fix exclusion again
|
||||
|
||||
Changes in Shorewall 4.2.4.2
|
||||
|
||||
1) Fix 'refresh'
|
||||
|
||||
Changes in Shorewall 4.2.4.1
|
||||
|
||||
1) Fix 'shorewall6 restore' etc.
|
||||
|
||||
2) Fix init scripts.
|
||||
|
||||
Changes in Shorewall 4.2.4-RC3
|
||||
|
||||
1) Fix exclusion handling with certain hosts options.
|
||||
|
||||
2) Rework zone exclusion to more accurately model what the user specifies.
|
||||
|
||||
Changes in Shorewall 4.2.4-RC2
|
||||
|
||||
1) Update samples.
|
||||
|
||||
2) Remove special handling of 2000::/3 routes.
|
||||
|
||||
3) Fix handling of multi-zone interfaces.
|
||||
|
||||
Changes in Shorewall 4.2.4-RC1
|
||||
|
||||
1) Merge changes from 4.3.3 -- IPv6 support.
|
||||
|
||||
Changes in Shorewall 4.2.3
|
||||
|
||||
1) Verify User/Group names.
|
||||
|
||||
2) Don't allow compiled script named 'shorewall'.
|
||||
|
||||
3) Avoid problems when '$' appears on the first line of
|
||||
/etc/shorewall/compile.
|
||||
|
||||
4) Add the output of "netstat -tunap" to dump
|
||||
|
||||
5) Allow '+' as an interface.
|
||||
|
||||
6) Change ipp2p detection to support latest version.
|
||||
|
||||
7) Fix NEW_CONNTRACK_MATCH.
|
||||
|
||||
8) Make use of --goto.
|
||||
|
||||
9) Allow ressetting individual chains.
|
||||
|
||||
10) Correct faulty optimization.
|
||||
|
||||
Changes in Shorewall 4.2.2
|
||||
|
||||
1) Insure that lines copied from a user file are newline-terminated.
|
||||
|
||||
2) Added macro.JAP.
|
||||
|
||||
3) Added macro.DAAP.
|
||||
|
||||
4) Added macro.DCC.
|
||||
|
||||
5) Added macro.GNUnet.
|
||||
|
||||
6) Prevent invalid rules when KLUDGEFREE is not set.
|
||||
|
||||
7) Separated detection of old conntrack syntax from new conntrack
|
||||
feature detection.
|
||||
|
||||
8) Fix nonat rules with destination IP address.
|
||||
|
||||
9) Correct NEW_CONNTRACK_MATCH with server port but no dest port.
|
||||
|
||||
Changes in Shorewall 4.2.1
|
||||
|
||||
1) Added CONNBYTES to tcrules manpage. Flesh out description of HELPER.
|
||||
|
||||
2) Fixed minor CONNBYTES editing issue.
|
||||
|
||||
3) Add CONNLIMIT to policy and rules.
|
||||
|
||||
4) Allow use of iptables-1.4.1.
|
||||
|
||||
5) Add time match support.
|
||||
|
||||
6) Applied Lennart Sorensen's patch for length match.
|
||||
|
||||
7) Take advantage of --ctorigdstport
|
||||
|
||||
8) Fix syntax error in 'export'
|
||||
|
||||
Initial release of Shorewall 4.2.0.
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
#! /usr/bin/perl -w
|
||||
#
|
||||
# The Shoreline Firewall4 (Shorewall-perl) Packet Filtering Firewall Compiler - V4.2
|
||||
# The Shoreline Firewall4 (Shorewall-perl) Packet Filtering Firewall Compiler - V4.4
|
||||
#
|
||||
# This program is under GPL [http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt]
|
||||
#
|
||||
|
||||
@ -162,8 +162,6 @@ if [ -n "$PREFIX" ]; then
|
||||
install -d $OWNERSHIP -m 755 ${PREFIX}${DEST}
|
||||
fi
|
||||
else
|
||||
[ -x /usr/share/shorewall-shell/compiler -o -x /usr/share/shorewall-perl/compiler.pl ] || \
|
||||
{ echo " ERROR: No Shorewall compiler is installed" >&2; exit 1; }
|
||||
if [ -z "$CYGWIN" ]; then
|
||||
if [ -d /etc/apt -a -e /usr/bin/dpkg ]; then
|
||||
DEBIAN=yes
|
||||
|
||||
@ -35,7 +35,6 @@ SHOREWALL_CAPVERSION=40205
|
||||
[ -n "${VARDIR:=/var/lib/shorewall}" ]
|
||||
[ -n "${SHAREDIR:=/usr/share/shorewall}" ]
|
||||
[ -n "${CONFDIR:=/etc/shorewall}" ]
|
||||
PERLSHAREDIR=/usr/share/shorewall-perl
|
||||
|
||||
#
|
||||
# Message to stderr
|
||||
|
||||
@ -584,12 +584,12 @@ show_command() {
|
||||
echo "dropBcast # Silently Drop Broadcast/multicast"
|
||||
echo "dropInvalid # Silently Drop packets that are in the INVALID conntrack state"
|
||||
echo "dropNotSyn # Silently Drop Non-syn TCP packets"
|
||||
echo "drop1918src # Drop packets with an RFC 1918 source address (Shorewall-perl only)"
|
||||
echo "drop1918dst # Drop packets with an RFC 1918 original dest address (Shorewall-perl only)"
|
||||
echo "drop1918src # Drop packets with an RFC 1918 source address"
|
||||
echo "drop1918dst # Drop packets with an RFC 1918 original dest address"
|
||||
echo "forwardUPnP # Allow traffic that upnpd has redirected from"
|
||||
echo "rejNotSyn # Silently Reject Non-syn TCP packets"
|
||||
echo "rej1918src # Reject packets with an RFC 1918 source address (Shorewall-perl only)"
|
||||
echo "rej1918dst # Reject packets with an RFC 1918 original dest address (Shorewall-perl only)"
|
||||
echo "rej1918src # Reject packets with an RFC 1918 source address"
|
||||
echo "rej1918dst # Reject packets with an RFC 1918 original dest address"
|
||||
|
||||
if [ -f ${CONFDIR}/actions ]; then
|
||||
cat ${SHAREDIR}/actions.std ${CONFDIR}/actions | grep -Ev '^\#|^$'
|
||||
@ -696,10 +696,6 @@ dump_command() {
|
||||
clear_term
|
||||
echo "$PRODUCT $version Dump at $HOSTNAME - $(date)"
|
||||
echo
|
||||
if [ -f /usr/share/shorewall-perl/version ]; then
|
||||
echo " Shorewall-perl $(cat /usr/share/shorewall-perl/version)"
|
||||
echo
|
||||
fi
|
||||
|
||||
show_reset
|
||||
host=$(echo $HOSTNAME | sed 's/\..*$//')
|
||||
|
||||
@ -1890,7 +1890,7 @@ do_initialize() {
|
||||
|
||||
[ -f $VERSION_FILE ] && VERSION=$(cat $VERSION_FILE)
|
||||
|
||||
[ -d /usr/share/shorewall-perl ] && set -a;
|
||||
set -a;
|
||||
|
||||
run_user_exit params
|
||||
|
||||
|
||||
File diff suppressed because it is too large
Load Diff
@ -379,7 +379,7 @@ compiler() {
|
||||
run_user_exit params
|
||||
set +a
|
||||
|
||||
perl $debugflags /usr/share/shorewall-perl/compiler.pl $options $@
|
||||
perl $debugflags /usr/share/shorewall/compiler.pl $options $@
|
||||
}
|
||||
|
||||
#
|
||||
@ -1524,11 +1524,6 @@ version_command() {
|
||||
|
||||
echo $version
|
||||
|
||||
if [ -n "$all" ]; then
|
||||
if [ -f /usr/share/shorewall-perl/version ]; then
|
||||
echo "Shorewall-perl $(cat /usr/share/shorewall-perl/version)"
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
||||
if [ $# -eq 0 ]; then
|
||||
|
||||
@ -1,4 +1,4 @@
|
||||
%define name shorewall-common
|
||||
%define name shorewall
|
||||
%define version 4.2.7
|
||||
%define release 0base
|
||||
|
||||
@ -13,20 +13,14 @@ Source: %{name}-%{version}.tgz
|
||||
URL: http://www.shorewall.net/
|
||||
BuildArch: noarch
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-root
|
||||
Requires: iptables iproute shorewall_compiler
|
||||
Requires: iptables iproute
|
||||
Supersedes: shorewall-common shorewall-perl
|
||||
|
||||
%description
|
||||
|
||||
The Shoreline Firewall, more commonly known as "Shorewall", is a Netfilter
|
||||
(iptables) based firewall that can be used on a dedicated firewall system,
|
||||
a multi-function gateway/ router/server or on a standalone GNU/Linux system.
|
||||
|
||||
Shorewall offers two alternative firewall compilers, shorewall-perl and
|
||||
shorewall-shell. The shorewall-perl compilers is suggested for new installed
|
||||
systems and shorewall-shell is provided for backwards compability and smooth
|
||||
legacy system upgrades because shorewall perl is not fully compatible with
|
||||
all legacy configurations.
|
||||
|
||||
%prep
|
||||
|
||||
%setup
|
||||
@ -136,6 +130,10 @@ fi
|
||||
%attr(0644,root,root) /usr/share/shorewall/configpath
|
||||
%attr(0755,root,root) /usr/share/shorewall/wait4ifup
|
||||
|
||||
%attr(755,root,root) /usr/share/shorewall/compiler.pl
|
||||
%attr(0644,root,root) /usr/share/shorewall/prog.*
|
||||
%attr(0644,root,root) /usr/share/shorewall/Shorewall/*.pm
|
||||
|
||||
%attr(0644,root,root) /usr/share/shorewall/configfiles/shorewall.conf
|
||||
%attr(0644,root,root) /usr/share/shorewall/configfiles/zones
|
||||
%attr(0644,root,root) /usr/share/shorewall/configfiles/policy
|
||||
Loading…
Reference in New Issue
Block a user